frafra
commented
1 year ago I reduced the effects of this PR by dropping some commits and re-adding some missing packages.
Closed frafra closed 1 year ago
frafra
commented
1 year ago I reduced the effects of this PR by dropping some commits and re-adding some missing packages.
sosedoff
commented
1 year ago Thanks, i'll review
Fix #644.
I created a new stage to handle the key, so that many tools do not end up in the final image, then I further simplified both the build and release stage. This reduced the image size from ~200 MB to ~160 MB, and reduced the build time as well. I also removed
apt-key, which is deprecated, used quiet mode for apt, and avoided installed recommended packages.I dropped the postgres client as well, as it is needed just when running the tests. By doing that, the only external dependency is
nc, which is provided by a minimalbusybox:muslimage (<1 MB). The final image ~15 MB, which is ~92 % less of the original image. Since I was not sure if this is the desired result, I kept the commit split. Since the binary is now built withCGO_ENABLED=0, there is no need to use a golang image based on Debian, so the alpine version is used instead.Replacing
ncwith a different way to do a self-check would further reduce the image, but usingscratchas the base image could be problematic for some users, that are used to have a minimal shell within the container.As the last step, I added https://github.com/eficode/wait-for, a small POSIX shell script, to wait for Postgres without having to rely on specific docker compose functionalities, which are not available in other systems.
depends_ondoes not even work in some Docker environments. I replaced the health check that usedncwithwait-for, which tries to establish a http connection by default.The software works as usual, but a review would be helpful. I also added
build: .to allow local builds usingdocker compose.The current version requires 27 seconds to be built, and its size 197 MB (
docker system prune -af && time rootlesskit docker build --no-cache .). This includes the image pull from the server. In my case, I am using a gigabit connection, so the impact of using larger images is small, but it could affect other users more. Using the same criteria, the version proposed in this PR takes 20 seconds to be built, and its size is 16 MB.Possible improvements for the future:
.gitshould not be copied when building the image, andgitinstallation could be skipped as well;RUN --mount=type=cache,mode=0755,target=/go/pkg/modand similar to avoid downloading dependencies multiple times when there is a minor change;